Vulnerability Development mailing list archives

Re: History Files


From: mej () VALINUX COM (Michael Jennings)
Date: Sun, 16 Apr 2000 17:44:32 -0700


On Sunday, 16 April 2000, at 13:13:19 (-0700),
Corwin J. Grey wrote:

> Actually yeah, I did afterwards. I was trying to stick with audit's
> original method. The exact format I use on our servers is to simply
> leave the actual .bash_history in the user's home dir and I put a
> hard link into /var/log/history/user.

1.  Login
2.  rm $HOME/.bash_history
3.  kill -9 <bash pid>
4.  Login again
5.  <insert desired command here>

You can play around with history toys all day long; experienced users
are going to notice that "2" link count on their history files and
will know exactly how to defeat it.  And unless you have a system
where users don't own their own files and home directories, there's
not much you can do about it like that.

I hate to sound like a broken record here, but the solution is
accounting, not tricks that will only work on the most clueless of
users.

Michael

--
 "Blessed are the shallow; depth they'll never find.  Seems to be
  some comfort in rooms I try to hide.  Exposed beyond the shadows,
  you take the cup from me.  Your dirt removes my blindness; your
  pain becomes my peace."                     -- Jars of Clay, "Frail"
=======================================================================
Michael Jennings  <mej () eterm org>  www.tcserv.com  PGP Key ID: BED09971
Software Engineer, VA Linux Systems       Author, Eterm (www.eterm.org)
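
The failure mode described in the message above, as an added example that is not part of the original post: a check an administrator could run to see whether the hard link under /var/log/history still refers to the same file as the user's .bash_history. The function names and the temporary directory layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are built in a temp
# directory that mimics $HOME/.bash_history and /var/log/history/<user>.

# check_history_link HOME_FILE LOG_LINK
# Prints: linked | severed | home-missing | log-missing
check_history_link() {
    [ -e "$2" ] || { echo "log-missing"; return 0; }
    [ -e "$1" ] || { echo "home-missing"; return 0; }
    # -ef is true only when both names refer to the same device and inode.
    if [ "$1" -ef "$2" ]; then echo "linked"; else echo "severed"; fi
}

# link_count FILE: hard-link count (second field of ls -ld)
link_count() {
    ls -ld "$1" | awk '{print $2}'
}

# demo: build the layout, replay the rm-and-recreate sequence from the
# message, and report the check result and link count at each stage.
demo() {
    d=$(mktemp -d) || return 1
    h="$d/home/user/.bash_history"      # constructed sample path
    l="$d/log/history/user"             # constructed sample path
    mkdir -p "$d/home/user" "$d/log/history"
    echo 'ls -l' > "$h"
    ln "$h" "$l"
    s1="$(check_history_link "$h" "$l"):$(link_count "$l")"
    rm "$h"                             # step 2 in the message
    s2="$(check_history_link "$h" "$l"):$(link_count "$l")"
    echo 'later command' > "$h"         # the next shell writes a fresh file
    s3="$(check_history_link "$h" "$l"):$(link_count "$l")"
    frozen=$(cat "$l")                  # logged copy no longer receives updates
    rm -rf "$d"
    echo "$s1 $s2 $s3 [$frozen]"
}

demo
```

A "severed" or "home-missing" result only shows that the logged copy has stopped tracking the user's file; as the message argues, accounting is the control that does not rely on a file the user owns.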